What bruce provided is exactly what I described. You can use the Split-Path cmdlet to get the directory names as you move thorugh the collection of data and log files. Like this:

Add-Type -AssemblyName Microsoft.SqlServer.Smo

$instanceName = '.\STANDARD2008R2'

$filePaths = @()

$server = New-Object -TypeName Microsoft.SqlServer.Management.Smo.Server -ArgumentList $instanceName

foreach ($db in $server.Databases) {

#$db.name

$fg = $db.FileGroups

foreach ($group in $fg) {

#$group.Name

foreach ($file in $group.Files) {

$filePaths += (Split-Path -Path $file.FileName -Parent)

}

}

foreach ($log in $db.LogFiles) {

$filePaths += (Split-Path -Path $log.FileName -Parent)

}

}

$filePaths = $filePaths | Select-Object -Unique

# array now contains unique list of paths where data or log files exist

$filePaths

You can now tack your code onto the end of this script inputting the $filePaths array into your foreach loop to call cacls on each path.